From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.24; helo=mga09.intel.com; envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BFA152034A8D0 for ; Fri, 19 Jan 2018 22:31:51 -0800 (PST) X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jan 2018 22:37:14 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,383,1511856000"; d="scan'208,217,223";a="21221797" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by FMSMGA003.fm.intel.com with ESMTP; 19 Jan 2018 22:37:14 -0800 Received: from fmsmsx120.amr.corp.intel.com (10.18.124.208) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.319.2; Fri, 19 Jan 2018 22:37:14 -0800 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx120.amr.corp.intel.com (10.18.124.208) with Microsoft SMTP Server (TLS) id 14.3.319.2; Fri, 19 Jan 2018 22:37:13 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.213]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.218]) with mapi id 14.03.0319.002; Sat, 20 Jan 2018 14:37:11 +0800 From: "Wu, Jiaxin" To: Karunakar P , "Ye, Ting" , "Fu, Siyuan" , "'edk2-devel@lists.01.org'" Thread-Topic: AsciiPrint() in HttpBootDxe Corrupting the Setup screen Thread-Index: AdOJ2mcWk/hjX4urRy2rJe1VSk/7TQAm0IpAAT9QoLAAAlF7oACPHHWQ Date: Sat, 20 Jan 2018 06:37:11 +0000 Message-ID: <895558F6EA4E3B41AC93A00D163B72741635E5C1@SHSMSX103.ccr.corp.intel.com> References: <895558F6EA4E3B41AC93A00D163B72741635BF8D@SHSMSX103.ccr.corp.intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMjU5OGJlODEtYTAyMi00OTBmLTliZWMtODMwZjFkMDhjODFhIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6InZvang4VWorb2RFV2dBbUJVNnRKbVM2S2ZiMVpsSUk0TUJcL3BCR3ZhWXNvPSJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 Subject: Re: AsciiPrint() in HttpBootDxe Corrupting the Setup screen X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jan 2018 06:31:52 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Karunakar, You should sent out the attached patches for the review:). Reviewed-by: Jiaxin Wu Thanks, Jiaxin From: Karunakar P [mailto:karunakarp@amiindia.co.in] Sent: Wednesday, January 17, 2018 6:29 PM To: Wu, Jiaxin ; Ye, Ting ; Fu, Siy= uan ; 'edk2-devel@lists.01.org' Subject: RE: AsciiPrint() in HttpBootDxe Corrupting the Setup screen [Patch] NetworkPkg\HttpBootDxe: AsciiPrint() in HttpBootDxe Corrupting the = Setup screen NetworkPkg\HttpBootDxe\HttpBootSupport.c | 2 ---- NetworkPkg\HttpBootDxe\HttpBootClient.c| 10 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) NetworkPkg\HttpBootDxe\HttpBootSupport.c NetworkPkg\HttpBootDxe\HttpBootClient.c EFI_STATUS HttpBootCheckUriScheme ( IN CHAR8 *Uri ) { UINTN Index; EFI_STATUS Status;. . . // // Return EFI_INVALID_PARAMETER if the URI is not HTTP or HTTPS. // if ((AsciiStrnCmp (Uri, "http://", 7) !=3D 0) && (AsciiStrnCmp (Uri, "htt= ps://", 8) !=3D 0)) { - AsciiPrint ("\n Error: Invalid URI address.\n"); DEBUG ((EFI_D_ERROR, "HttpBootCheckUriScheme: Invalid Uri.\n")); return EFI_INVALID_PARAMETER; } // // HTTP is disabled, return EFI_ACCESS_DENIED if the URI is HTTP. // if (!PcdGetBool (PcdAllowHttpConnections) && (AsciiStrnCmp (Uri, "http://= ", 7) =3D=3D 0)) { - AsciiPrint ("\n Error: Access forbidden, only HTTPS connection is all= owed.\n"); DEBUG ((EFI_D_ERROR, "HttpBootCheckUriScheme: HTTP is disabled.\n")); return EFI_ACCESS_DENIED; } . . . } EFI_STATUS HttpBootDhcp4ExtractUriInfo ( IN HTTP_BOOT_PRIVATE_DATA *Private ) { HTTP_BOOT_DHCP4_PACKET_CACHE *SelectOffer; HTTP_BOOT_DHCP4_PACKET_CACHE *HttpOffer; UINT32 SelectIndex;. . . . // // Check the URI scheme. // Status =3D HttpBootCheckUriScheme (Private->BootFileUri); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "HttpBootDhcp4ExtractUriInfo: %r.\n", Status)); + if (Status =3D=3D EFI_INVALID_PARAMETER) { + AsciiPrint ("\n Error: Invalid URI address.\n"); + } else if (Status =3D=3D EFI_ACCESS_DENIED) { + AsciiPrint ("\n Error: Access forbidden, only HTTPS connection is= allowed.\n"); + } return Status; } . . . } EFI_STATUS HttpBootDhcp6ExtractUriInfo ( IN HTTP_BOOT_PRIVATE_DATA *Private ) { HTTP_BOOT_DHCP6_PACKET_CACHE *SelectOffer; HTTP_BOOT_DHCP6_PACKET_CACHE *HttpOffer; UINT32 SelectIndex; . . . Status =3D HttpBootCheckUriScheme (Private->BootFileUri); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "HttpBootDhcp6ExtractUriInfo: %r.\n", Status)); + if (Status =3D=3D EFI_INVALID_PARAMETER) { + AsciiPrint ("\n Error: Invalid URI address.\n"); + } else if (Status =3D=3D EFI_ACCESS_DENIED) { + AsciiPrint ("\n Error: Access forbidden, only HTTPS connection is = allowed.\n"); + } return Status; } . . . } Please review the patch. Thanks, Karunakar From: Karunakar P Sent: Wednesday, January 17, 2018 2:44 PM To: 'Wu, Jiaxin'; Ye, Ting; Fu, Siyuan; 'edk2-devel@lists.01.org' Subject: RE: AsciiPrint() in HttpBootDxe Corrupting the Setup screen Hi Jiaxin, We'll send the formal patch for review and also could you please let me kno= w if you want to fill a bug in Bugzilla if needed. Thank You, Karunakar From: Wu, Jiaxin [mailto:jiaxin.wu@intel.com] Sent: Thursday, January 11, 2018 6:21 AM To: Karunakar P; Ye, Ting; Fu, Siyuan Subject: RE: AsciiPrint() in HttpBootDxe Corrupting the Setup screen Hi Karunakar, I agree the fix, can you send out the formal patch for the review or need u= s to follow that? Thanks, Jiaxin From: Karunakar P [mailto:karunakarp@amiindia.co.in] Sent: Wednesday, January 10, 2018 4:48 PM To: Wu, Jiaxin >; Ye, Ting = >; Fu, Siyuan > Subject: AsciiPrint() in HttpBootDxe Corrupting the Setup screen Hello All, [Issue] 1. On giving Invalid URI in Boot URI field in "HTTP Boot Configuratio= n" Page, doing AsciiPrint() in TSE corrupting the Screen. AsciiPrint ("\n Error: Invalid URI address.\n"); 2. When HTTP connection are disabled using "PcdAllowHttpConnections" On giving http URI in Boot URI field in "HTTP Boot Configuration" Page, doi= ng AsciiPrint() in TSE corrupting the Screen. AsciiPrint ("\n Error: Access forbidden, only HTTPS connection is allowed.= \n"); [Fix] 1. I guess We've added this AsciiPrint() because HttpBootCheckUriSche= me() is common for both generic HTTP boot over IPv4/6 and "Http Boot Config= uration" page 2. In case of "Http Boot Configuration", AsciiPrint() may not be nee= ded in HttpBootCheckUriScheme because we're already using CreatePopUp() in = case of Error Status CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"ERROR: Unsupported URI!", L"Only supports HTTP and HTTPS", NULL ); (Or) CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"ERROR: Unsupported URI!", L"HTTP is disabled", NULL ); 3. When we do Http Boot over IPv4/6, from HttpBootCheckUriScheme() th= ere is chance to get return status as EFI_INVALID_PARAMETER or EFI_ACCESS_D= ENIED 4. In this case we can have AsciiPrint() based on return Status, inst= ead of doing in HttpBootCheckUriScheme() I've attached the suggested changes, could you please review and provide yo= ur comments/Suggestions. Thanks, Karunakar